Vulnerability Description
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Ellipse Enterprise Asset Management | < 9.0.26 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01Third Party AdvisoryUS Government Resource
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-27416?
CVE-2021-27416 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containin...
How severe is CVE-2021-27416?
CVE-2021-27416 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27416?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Ellipse Enterprise Asset Management.